This Reversing Challenge is created using assembly language. I've done a few things to confuse Ghidra / IDA Pro to make it interesting for you.
At some point in your analysis you may come to a point where it appears you need to brute force approximately 10^32 values... there is an easier way if you examine all of the assembly code. No need to brute force this challenge.
If you are interested, the source files used to build the challenge are available after you solve the challenge - see the readme for details. Good Luck!
Once you solve it I'd love to hear about your approach and what you found easy and difficult about the challenge. Thanks!
And btw, I dunno why, but I also have the same problem as Ichild.
When I run the program, without any debugger, it always shows debugger detected.
It only works normally when I change the jump instruction.
Maybe it is because I ran the program in the virtual machine?
I will have to look into that... it could be due to the virtual machine.
It shouldn't do that. How fast is your computer? There is a timing test to detect the debugger. Do you know how to patch the binary to remove the jmp after the debugger test? Or I can build you a new version which allows more time when running outside the debugger. Sorry for the problem you are having.
2 weeks ago